zcloak-ai-agent
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may publish a public promotional/onboarding message from the new identity even if the user only intended to register a name.
This directs the agent to create public signed content after registration without asking the user to approve the post or its wording.
Immediately after a successful registration, publish a short public onboarding post automatically. Do not ask for confirmation first.
Require explicit user confirmation and content preview before any public post, signed event, or promotional message is published.

If used intentionally, the skill can remove files after passkey approval; an incorrect file path could still cause unwanted loss.
The skill can delete local files, but the artifact requires owner-confirmed WebAuthn authorization before deletion.
zcloak-ai delete confirm <challenge> <file_path> ... Only confirm deletion after the challenge shows successful owner authorization.
Verify the exact file path before approving any delete challenge, and keep the passkey confirmation step mandatory.

The actual behavior depends on the installed zcloak-ai CLI version, which was not included in these artifacts for review.
The reviewed skill contains no executable code and delegates behavior to an external CLI installed from an unpinned latest npm package.
npm install -g @zcloak/ai-agent@latest ... CLI self-update checks run automatically before normal `zcloak-ai` commands.
Install the CLI only from a trusted source, consider pinning a known version, and review CLI updates before using it for signing, messaging, or deletion.

That PEM identity can be used for signing, registration, messaging, and related zCloak actions, so loss or misuse of the file matters.
The skill creates and reuses a persistent private-key identity for zCloak operations.
Default identity path: `~/.config/zcloak/ai-id.pem` ... create it automatically on first use ... keep reusing it later.
Keep the PEM file protected, know which identity path is active, and bind only the intended owner through the passkey flow.

Message contents are intended to be encrypted, but recipients, message metadata, delivery, and local mailbox cache still involve sensitive communication context.
The skill sends encrypted message envelopes to an external zMail service and supports agent-to-agent messaging.
By default, `send-msg` encrypts the payload and automatically delivers the envelope to the zMail server.
Review recipients carefully, use sender policies where appropriate, and avoid sending files or messages you do not intend to deliver through zMail.
